Flatpak package [Planned]

edited November 2020 in Linux Beta

Hi! Flatpak is a package management system for Linux, that's supported across a variety of distributions.

It provides some pretty good isolation for desktop apps, which I personally appreciate due to the added security (it's not absolute isolation, but at least processes can't read freely read one's home filesystem without approval and other enhancements).

I've been thinking about creating a package with 1Password, would you guys be okay with that being submitted to Flathub?

Basically the descriptor for the package has this format, and merely fetches the source from your site:

app-id: org.onepassword.onepassword
runtime: org.freedesktop.Platform
runtime-version: '20.08'
sdk: org.freedesktop.Sdk
command: /app/squashfs-root/1password
modules:
  - name: 1password
    buildsystem: simple
    build-commands:
      - chmod +x 1password-0.9.5-2.AppImage
      - ./1password-0.9.5-2.AppImage --appimage-extract
      - cp -r squashfs-root/ /app
      # - install -D 1password-0.9.5-2.AppImage /app/bin/1password
    sources:
      - type: file
        url: https://downloads.1password.com/linux/appimage/1password-0.9.5-2.AppImage
        sha512: 6bfc61c9da5cca90279664ab7aab0cb30569720fb9bd168accc65068b570e11ba5c59942d19d88baa7c42dd4d647686b9480bd1d957df956dff2562b9846a5b0
finish-args:
  - --socket=x11
  - --share=network

Note: this is just and example and doesn't yet work.
It's just to kind reflect how the package is generated. Also, this still fails due to some SUID error with a bundled helper.


1Password Version: 0.9.5-2.AppImage
Extension Version: n/a
OS Version: ArchLinux
Sync Type: n/a
Referrer: forum-search:flatpak

Comments

  • MikeTMikeT Agile Samurai

    Team Member
    edited November 2020

    Hi @WhyNotHugo,

    Thanks for taking the time to write in and for helping us with Flatpak, it is appreciated!

    We do have plans to support Flatpak and Flathub, we've mentioned this a while ago in a thread here.

    We just need time to set it all up to automate this in-house. We've just finished adding AUR support recently after adding Snap and we're working to add more including Flatpak.

    According to Flathub here, they'd prefer that we do this as transferring ownership can be a bit problematic. So, let me nudge our team and see if we can do something sooner rather than later.

    ref: dev/core/core#2453

  • Thanks for your reply!

    Seems like I missed the above link, thanks for pointing it out.

    I take if you'd rather submit this yourselves rather than go through the transfer process then. If I manage to get a working flatpak descriptor then, I'll just go ahead and post it here so you guy can handle is as you prefer.

    Thanks, cheers!

  • BlakeBlake

    Team Member

    Thanks a ton for that @WhyNotHugo -- you can certainly post the flatpak descriptor here and we can grab the reigns and take it from there. 😊

  • Kinda forgot about this. I've a working package -- mostly the metadata is missing, which I'm sure you'd prefer to fill in yourselves anyway:

    com.1password.1Password.yml:

    app-id: org.onepassword.onepassword
    base: org.electronjs.Electron2.BaseApp
    base-version: '20.08'
    runtime: org.freedesktop.Platform
    runtime-version: '20.08'
    sdk: org.freedesktop.Sdk
    command: 1password
    rename-desktop-file: 1password.desktop
    rename-icon: 1password
    finish-args:
      # 1Password is X11-only, so we can skip the Wayland socket for now. 🤞
      - --socket=x11
      - --share=network
      # I think it shows notifications sometimes? If not, remove this:
      - --talk-name=org.freedesktop.Notifications
      # Required to avoid asking for a 2FA token on every run:
      - --talk-name=org.freedesktop.secrets
      - --filesystem=xdg-run/1Password-BrowserSupport.sock
      # TODO: There's a dbus-socket for desktops with a tray icon thingy.
      #       That should be exposed too.
    modules:
      - name: 1password
        buildsystem: simple
        build-commands:
          - ar x 1password-*.deb
          - rm -f 1password-*.deb
          - tar xf data.tar.xz
          - rm -f control.tar.gz data.tar.xz debian-binary
          - cp -r usr/* opt/* /app
          - cp -r usr/* opt/* /
          - chmod -R a-s,go+rX,go-w /app/1Password
          # Original path here points to /opt/1Password:
          - sed -i 's|Exec=.*|Exec=1password %U|' /app/share/applications/1password.desktop
          - install -Dm755 1password.sh /app/bin/1password
          - install -Dm644 org.onepassword.onepassword.appdata.xml /app/share/appdata/org.onepassword.onepassword.appdata.xml
        sources:
          - type: file
            only-arches:
              - x86_64
            url: https://downloads.1password.com/linux/debian/pool/main/1/1password/1password-0.9.12-2.deb
            sha256: e27b0055eb9a55af081160fb7a270db1ba806483328a8161d68a0dc2d913ff84
          - type: script
            dest-filename: 1password.sh
            commands:
              # Share a TMPDIR, so that multiple instance can figure out there's
              # already one running.
              - export TMPDIR="$XDG_RUNTIME_DIR/app/$FLATPAK_ID"
              # This script is required to work around a lack of SUID sandbox helper:
              - exec zypak-wrapper /app/1Password/1password "[email protected]"
          - type: file
            path: org.onepassword.onepassword.appdata.xml
    

    org.onepassword.onepassword.appdata.xml:

    <?xml version="1.0" encoding="UTF-8"?>
    <component type="desktop">
      <id>org.onepassword.onepassword</id>
      <name>1Password for Linux</name>
      <project_license>XXX</project_license>
      <developer_name>XXXX</developer_name>
      <summary>XXXXX</summary>
      <metadata_license>CC0-1.0</metadata_license>
      <url type="homepage">https://1password.com/</url>
      <url type="bugtracker">https://github.com/flathub/org.onepassword.onepassword/issues</url>
      <description>
        <p>
          XXXXX
        </p>
      </description>
      <screenshots>
        <image type="source">https://us.v-cdn.net/5020219/uploads/editor/1g/883ixuqsk6tc.png</image>
        <image type="source">https://us.v-cdn.net/5020219/uploads/editor/ae/cmnoxgrdxdp8.png</image>
        <image type="source">https://us.v-cdn.net/5020219/uploads/editor/zc/196a8xd2cohr.png</image>
      </screenshots>
      <releases>
        <release version="0.9.12" date="2021-02-09"/>
      </releases>
      <content_rating type="oars-1.1">
        <content_attribute id="violence-cartoon">none</content_attribute>
        <content_attribute id="violence-fantasy">none</content_attribute>
        <content_attribute id="violence-realistic">none</content_attribute>
        <content_attribute id="violence-bloodshed">none</content_attribute>
        <content_attribute id="violence-sexual">none</content_attribute>
        <content_attribute id="violence-desecration">none</content_attribute>
        <content_attribute id="violence-slavery">none</content_attribute>
        <content_attribute id="violence-worship">none</content_attribute>
        <content_attribute id="drugs-alcohol">none</content_attribute>
        <content_attribute id="drugs-narcotics">none</content_attribute>
        <content_attribute id="drugs-tobacco">none</content_attribute>
        <content_attribute id="sex-nudity">none</content_attribute>
        <content_attribute id="sex-themes">none</content_attribute>
        <content_attribute id="sex-homosexuality">none</content_attribute>
        <content_attribute id="sex-prostitution">none</content_attribute>
        <content_attribute id="sex-adultery">none</content_attribute>
        <content_attribute id="sex-appearance">none</content_attribute>
        <content_attribute id="language-profanity">none</content_attribute>
        <content_attribute id="language-humor">none</content_attribute>
        <content_attribute id="language-discrimination">none</content_attribute>
        <content_attribute id="social-chat">intense</content_attribute>
        <content_attribute id="social-info">none</content_attribute>
        <content_attribute id="social-audio">intense</content_attribute>
        <content_attribute id="social-location">none</content_attribute>
        <content_attribute id="social-contacts">intense</content_attribute>
        <content_attribute id="money-purchasing">none</content_attribute>
        <content_attribute id="money-gambling">none</content_attribute>
      </content_rating>
      <update_contact>[email protected]</update_contact>
    </component>
    
    

    Caveats:

    • App descriptor parts can't start with numbers, hence the name onepassword.
    • I don't use any "application tray" service, so I haven't tested that. I know another D-Bus socket needs to be exposed, but I'm not keen to include extra tweaks I can't test on my setup.

    You can build+install this by running:

    flatpak-builder --user --install build-dir com.1password.1Password.yml --force-clean
    

    And run with:

    flatpak run org.onepassword.onepassword
    
  • In case you want to submit this to Flathub, here's the relevant docs: https://github.com/flathub/flathub/wiki/App-Submission

  • Dayton_agDayton_ag

    Team Member

    Thanks so much, @whynothugo! I'll bring this to the attention of the Development team. :chuffed::+1:

  • Recently electron-builder got experimental support for flatpak. Flathub integration is not built in yet but perhaps soon. Using electron-builder instead of repackaging the .deb may now be a viable option for building the 1password flatpak.

    https://github.com/electron-userland/electron-builder/pull/5711

  • Dayton_agDayton_ag

    Team Member

    Oooh, very cool - thanks so much @vincent_chernin! :love: I'll pass this along to the Dev team to take a gander at. :smile:

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file